Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e88a0faa authored by Ian Campbell's avatar Ian Campbell Committed by Ingo Molnar
Browse files

xen: unitialised return value in xenbus_write_transaction 



The return value of xenbus_write_transaction can be uninitialised in
the success case leading to the userspace xenstore utilities failing.

Signed-off-by: default avatarIan Campbell <ian.campbell@citrix.com>
Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
parent 659d2618

drivers/xen/xenfs/xenbus.c

+5 −6
Original line number Original line Diff line number Diff line
@@ -291,7 +291,7 @@ static void watch_fired(struct xenbus_watch *watch, 
static int xenbus_write_transaction(unsigned msg_type,

static int xenbus_write_transaction(unsigned msg_type,

				    struct xenbus_file_priv *u)

				    struct xenbus_file_priv *u)

{

{

	int rc, ret;

	int rc;

	void *reply;

	void *reply;

	struct xenbus_transaction_holder *trans = NULL;

	struct xenbus_transaction_holder *trans = NULL;

	LIST_HEAD(staging_q);

	LIST_HEAD(staging_q);
@@ -326,15 +326,14 @@ static int xenbus_write_transaction(unsigned msg_type, 
	}

	}





	mutex_lock(&u->reply_mutex);

	mutex_lock(&u->reply_mutex);

	ret = queue_reply(&staging_q, &u->u.msg, sizeof(u->u.msg));

	rc = queue_reply(&staging_q, &u->u.msg, sizeof(u->u.msg));

	if (!ret)

	if (!rc)

		ret = queue_reply(&staging_q, reply, u->u.msg.len);

		rc = queue_reply(&staging_q, reply, u->u.msg.len);

	if (!ret) {

	if (!rc) {

		list_splice_tail(&staging_q, &u->read_buffers);

		list_splice_tail(&staging_q, &u->read_buffers);

		wake_up(&u->read_waitq);

		wake_up(&u->read_waitq);

	} else {

	} else {

		queue_cleanup(&staging_q);

		queue_cleanup(&staging_q);

		rc = ret;

	}

	}

	mutex_unlock(&u->reply_mutex);

	mutex_unlock(&u->reply_mutex);